Recently, there was some conversation about expiring RS OAuth tokens among server developers. I thought i miight be useful to bring that discussion and relevant updates over here, so it's all in one place and new users and developers can find it, too.

There's currently on open issue for php-remote-storage, in where @fkooman is proposing to always expire them after a certain period by default:

it may be a long time, but they should expire at some point. Maybe after 1 month by default?

enhancement

Over at 5apps, we've just implemented user-editable expiration dates for new authorizations, using some pre-populated values in a dropdown menu ("never" as default, "1 month", "1 day"). It looks something like this:

While this seems like good UX in theory, I'm not yet certain that it is in practice. Also, aside from the other option choices, I'm wondering if "never" should even be an option in the first place. Any and all input and feedback would be very much appreciated!